<%@ page contentType="text/html; charset=iso-8859-1" language="java" import="java.sql.*" errorPage="" %>
<%@ include file="Connections/A146240Connection.jsp" %>
<%
// *** Validate request to log in to this site.
String MM_LoginAction = request.getRequestURI();
if (request.getQueryString() != null && request.getQueryString().length() > 0) {
  String queryString = request.getQueryString();
  String tempStr = "";
  for (int i=0; i < queryString.length(); i++) {
    if (queryString.charAt(i) == '<') tempStr = tempStr + "&lt;";
    else if (queryString.charAt(i) == '>') tempStr = tempStr + "&gt;";
    else if (queryString.charAt(i) == '"') tempStr = tempStr +  "&quot;";
    else tempStr = tempStr + queryString.charAt(i);
  }
  MM_LoginAction += "?" + tempStr;
}
String MM_valUsername=request.getParameter("userName");
if (MM_valUsername != null) {
  String MM_fldUserAuthorization="USER_ID";
  String MM_redirectLoginSuccess="index.jsp";
  String MM_redirectLoginFailed="login.jsp";
  String MM_redirectLogin=MM_redirectLoginFailed;
  Driver MM_driverUser = (Driver)Class.forName(MM_A146240Connection_DRIVER).newInstance();
  Connection MM_connUser = DriverManager.getConnection(MM_A146240Connection_STRING,MM_A146240Connection_USERNAME,MM_A146240Connection_PASSWORD);
  String MM_pSQL = "SELECT USER_ID, USER_PASSWORD";
  if (!MM_fldUserAuthorization.equals("")) MM_pSQL += "," + MM_fldUserAuthorization;
  MM_pSQL += " FROM A152786.USER_STORE WHERE USER_ID=\'" + MM_valUsername.replace('\'', ' ') + "\' AND USER_PASSWORD=\'" + request.getParameter("password").toString().replace('\'', ' ') + "\'";
  PreparedStatement MM_statementUser = MM_connUser.prepareStatement(MM_pSQL);
  ResultSet MM_rsUser = MM_statementUser.executeQuery();
  boolean MM_rsUser_isNotEmpty = MM_rsUser.next();
  if (MM_rsUser_isNotEmpty) {
    // username and password match - this is a valid user
    session.putValue("MM_Username", MM_valUsername);
    if (!MM_fldUserAuthorization.equals("")) {
      session.putValue("MM_UserAuthorization", MM_rsUser.getString(MM_fldUserAuthorization).trim());
    } else {
      session.putValue("MM_UserAuthorization", "");
    }
    if ((request.getParameter("accessdenied") != null) && true) {
      MM_redirectLoginSuccess = request.getParameter("accessdenied");
    }
    MM_redirectLogin=MM_redirectLoginSuccess;
  }
  MM_rsUser.close();
  MM_connUser.close();
  response.sendRedirect(response.encodeRedirectURL(MM_redirectLogin));
  return;
}
%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>POWA Store [Login]</title>
</head>

<body>
<form action="<%=MM_LoginAction%>" method="POST" name="loginForm" id="loginForm">
  <table width="33%"  border="0" align="center">
    <tr>
      <td width="22%">User Name</td>
      <td width="2%">:</td>
      <td width="38%"><input name="userName" type="text" id="userName"></td>
      <td width="38%" rowspan="2">New User? <a href="Account/newAccount.jsp">Sign Up</a></td>
    </tr>
    <tr>
      <td>Password</td>
      <td>:</td>
      <td><input name="password" type="password" id="password"></td>
    </tr>
    <tr>
      <td colspan="4"><div align="center">
        <input type="submit" name="Submit" value="Login">
      </div></td>
    </tr>
  </table>
</form>
</body>
</html>
